BlueHat Security Briefings: Fall 2006 Sessions and Interviews

The fall Microsoft BlueHat Security Briefings event was held on October 20, 2006. Listen to podcast interviews with the presenters, and read the session descriptions and speaker bios below.

Skype High

Session Description

Skype is a free voice over IP (VOIP) application. This presentation covers the many layers of protection, tools and techniques that have been used to protect Skype internals. While many other VOIP applications exist, specific traits make Skype very different, such as its peer-to-peer architecture, the ease with which it bypasses firewalls, and the impressive level of obfuscation that has been invested to prevent anybody from looking inside the software and its communications. This last point, added to its increasing success, has given rise to many myths about security issues around it.

Speakers

Fabrice Desclaux
European Aeronautic Defence and Space Company (EADS)

Fabrice Desclaux works at the EADS/Corporate Research Centre (CRC) in the SSI lab as a research engineer. He is the author of rr0d, the Rasta Ring 0 Debugger, the first OS independent ring 0 debugger.

Kostya Kortchinsky
European Aeronautic Defence and Space Company (EADS)

Kostya Kortchinsky works at the EADS/CRC in the SSI lab as a research engineer. He used to manage the French academic CERT and has been credited several times for having found various vulnerabilities in Microsoft Windows.

Listen to a podcast interview with Fabrice Desclaux and Kostya Kortchinsky (no longer available).


Blue Mist: Wireless Driver Vulnerabilities and Hardware Virtualization Rootkits

Session Description

With more code auditing being done at the operating system level, an attacker has two choices: go up to the application level or go down to the device driver level. With new technologies like Wi-Fi and Bluetooth being integrated into new machines at breakneck speeds, the drivers are not as battle-proven as they have been in the past. This talk covered these new types of technologies, how they are vulnerable, and how an attacker can take advantage of them.

Speakers

Dino A. Dai Zovi
Matasano Security

Dino A. Dai Zovi is a Principal Member of Matasano Security where he performs ShipSafe product penetration tests for software vendors and DeploySafe third-party software penetration tests for enterprise clients. Mr. Dai Zovi specializes in product, application, and operating system penetration testing and has done so in his previous roles at Bloomberg, @stake, and Sandia National Laboratories. He is also a frequent speaker on his computer security research, including presentations at previous BlueHats, the Black Hat Briefings, IEEE Information Assurance Workshop, CanSecWest and DEFCON. Dino graduated with Honors with a B.S. in Computer Science and Minor in Mathematics from the University of New Mexico.

Listen to a podcast interview with Dino A. Dai Zovi (no longer available).

Johnny Cache
hacker for hire

Johnny Cache recently received his Master's in Computer Security while attending the Naval Postgraduate School. He also co-wrote "Hacking Exposed: Wireless". His latest creation is Airbase, a suite of 802.11 utilities all tied together with a single core C++ library for packet creation and manipulation. His most recent work is a tool to allow for remote chipset/driver detection of various 802.11 devices. This tool can be used to target wireless device driver exploits with much higher precision than previously thought.

Listen to a podcast interview with Johnny Cache (no longer available).


I-Worm.Fuzzer: A new kind of virus

Session Description

Most viruses have a hard-coded way of interacting with networks and vulnerabilities and do not have the ability to find and exploit configuration weaknesses and vulnerabilities. They also do not talk to each other or mutate based on each other. This new kind of virus, which was the focus of this presentation, is able to discern configuration weaknesses, find bugs and exploit them, and talk to other instances of itself. A bug found by one virus gives all other mutations the opportunity to execute and exploit the bug, giving a more active way of infiltrating networks.

Speaker

Enrique Sanchez
Yaguarete Security

Enrique Sanchez is a Security Consultant based in Mexico. He develops and researches new techniques on logical security and also specializes in pentesting, training, risk analysis and security strategy. He was the first to develop a steganographic virus, which was presented at G-Con I in Mexico City. He has delivered ethical hacking courses worldwide. He is the founder of Yaguarete Security, a company dedicated to research and ethical hacking, and works on projects such as liboverflow, APenFra, and many others.

Listen to a podcast interview with Enrique Sanchez (no longer available).


Additional Speakers

Josh Lackey has his Ph.D. in Mathematics but he quickly realized that teaching calculus to freshmen for the rest of his life would drive him crazy. Instead, he decided to do what he was really good at: breaking things. While he enjoys breaking almost anything, he currently specializes in breaking wireless protocols. Josh is currently the Security Development Lead for Microsoft SWI and is responsible for leading a team of world-class hackers who get a chance to attack all of Microsoft's products before you do. Previously, he was a Senior Ethical Hacker for IBM Global Services where he led penetration testing teams against large IBM customers.

Dan Kaminsky is a security researcher who's been presenting research into interesting mechanisms within TCP/IP for several years. Dan is the Director of Pen Test for IOActive, a security consultancy based in Seattle. Dan recently spent eight months on the external penetration test team for Windows Vista. Before that, he spent two years at Cisco Systems Inc. and two more as a senior security consultant at Avaya Inc. Kaminsky has also done extensive work with high-speed network analysis, data tunneling across inclement networks, and shortcomings in the MD5 hashing algorithm. Dan is based in Seattle.